From a2c6de65d6b0f087d68a32e1bbfc562ba4452982 Mon Sep 17 00:00:00 2001
From: Jahziel Villasana-Espinoza
Date: Fri, 13 Sep 2024 08:41:52 -0400
Subject: [PATCH] fix: add missing check for invalid email (#22057)
> Related issue: #21813
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
---
 changes/21813-email-err | 2 ++
 .../modals/RenewCertModal/RenewCertModal.tsx | 8 +++++++-
 server/service/integration_mdm_test.go | 8 ++++++++
 server/service/mdm.go | 10 ++++++++++
 4 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 changes/21813-email-err
diff --git a/changes/21813-email-err b/changes/21813-email-err
new file mode 100644
index 0000000000..a9d25ecc21
--- /dev/null
+++ b/changes/21813-email-err
@@ -0,0 +1,2 @@
+- Fixed regression: we now check if the email used to get a signed CSR is invalid (i.e. is an email
+ from a free email provider).
\ No newline at end of file
diff --git a/frontend/pages/admin/IntegrationsPage/cards/MdmSettings/AppleMdmPage/components/modals/RenewCertModal/RenewCertModal.tsx b/frontend/pages/admin/IntegrationsPage/cards/MdmSettings/AppleMdmPage/components/modals/RenewCertModal/RenewCertModal.tsx
index f596e8574c..8d71e91817 100644
--- a/frontend/pages/admin/IntegrationsPage/cards/MdmSettings/AppleMdmPage/components/modals/RenewCertModal/RenewCertModal.tsx
+++ b/frontend/pages/admin/IntegrationsPage/cards/MdmSettings/AppleMdmPage/components/modals/RenewCertModal/RenewCertModal.tsx
@@ -65,7 +65,13 @@ const RenewCertModal = ({
 const onDownloadError = useCallback(
 // eslint-disable-next-line @typescript-eslint/no-unused-vars
 (e: unknown) => {
- renderFlash("error", "Something's gone wrong. Please try again.");
+ const msg = getErrorReason(e);
+
+ if (msg.toLowerCase().includes("email address is not valid")) {
+ renderFlash("error", msg);
+ } else {
+ renderFlash("error", "Something's gone wrong. Please try again.");
+ }
 },
 [renderFlash]
 );
diff --git a/server/service/integration_mdm_test.go b/server/service/integration_mdm_test.go
index f8b3fb6790..61d25d5459 100644
--- a/server/service/integration_mdm_test.go
+++ b/server/service/integration_mdm_test.go
@@ -1329,6 +1329,14 @@ func (s *integrationMDMTestSuite) TestGetMDMCSR() {
 require.Len(t, errResp.Errors, 1)
 require.Contains(t, errResp.Errors[0].Reason, "FleetDM CSR request failed")
+ // Check that we return bad request if the website API does (it will do this in case of an
+ // invalid email address
+ s.FailNextCSRRequestWith(http.StatusUnprocessableEntity)
+ errResp = validationErrResp{}
+ s.DoJSON("GET", "/api/latest/fleet/mdm/apple/request_csr", getMDMAppleCSRRequest{}, http.StatusUnprocessableEntity, &errResp)
+ require.Len(t, errResp.Errors, 1)
+ require.Contains(t, errResp.Errors[0].Reason, "this email address is not valid")
+
 // Invalid APNS cert upload attempt
 s.uploadDataViaForm("/api/latest/fleet/mdm/apple/apns_certificate", "certificate", "certificate.pem", []byte("invalid-cert"), http.StatusUnprocessableEntity, "Invalid certificate. Please provide a valid certificate from Apple Push Certificate Portal.", nil)
diff --git a/server/service/mdm.go b/server/service/mdm.go
index 294d503d81..7a06c015cd 100644
--- a/server/service/mdm.go
+++ b/server/service/mdm.go
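Review bot: In RenewCertModal.tsx, `onDownloadError` chooses between the server text and the generic flash by matching the substring `"email address is not valid"`, which ties the UI to the exact wording built in server/service/mdm.go (`"this email address is not valid: %v"`); if that message is reworded the modal silently falls back to "Something's gone wrong". If the error object exposes the HTTP status or the `email_address` field name (not visible in this hunk), keying on that would be sturdier; at minimum add a comment such as `// Must stay in sync with the message returned by GetMDMAppleCSR in server/service/mdm.go.` The `// eslint-disable-next-line @typescript-eslint/no-unused-vars` directive above `(e: unknown)` is stale now that `e` is read and should be dropped. `getErrorReason` has to be imported outside this hunk, and the callback's enclosing component starts and ends outside it as well.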
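Review bot: In TestGetMDMCSR (integration_mdm_test.go), the added comment says the endpoint returns "bad request", but the status injected and asserted is `http.StatusUnprocessableEntity`, and the comment's parenthesis is never closed. Something like `// The website API answers 4xx (422 here) for an invalid email address; expect a 422 validation error.` matches what the assertions check. Only one status out of the 400–499 range handled in GetMDMAppleCSR is exercised; a second case with an unrelated client error such as `http.StatusTooManyRequests` would pin down whether that is really meant to be reported as an invalid email. The test function starts and ends outside this hunk.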
@@ -2351,6 +2351,16 @@ func (svc *Service) GetMDMAppleCSR(ctx context.Context) ([]byte, error) {
 if err != nil {
 var fwe apple_mdm.FleetWebsiteError
 if errors.As(err, &fwe) {
+ // From svc.RequestMDMAppleCSR: fleetdm.com returns a bad request here if the email is invalid.
+ if fwe.Status >= 400 && fwe.Status <= 499 {
+ return nil, ctxerr.Wrap(
+ ctx,
+ fleet.NewInvalidArgumentError(
+ "email_address",
+ fmt.Sprintf("this email address is not valid: %v", err),
+ ),
+ )
+ }
 return nil, ctxerr.Wrap(
 ctx,
 fleet.NewUserMessageError(
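Review bot: The new guard in GetMDMAppleCSR, `if fwe.Status >= 400 && fwe.Status <= 499`, classifies every client error from fleetdm.com as an invalid email, while the comment above it only documents a bad request for that case. An authentication failure, a 404 or a 429 from the website would therefore be reported to the admin as an `email_address` validation error, hiding the real cause. Narrowing it to the statuses the website actually uses for a rejected address, for example `if fwe.Status == http.StatusBadRequest || fwe.Status == http.StatusUnprocessableEntity {` (assuming `net/http` is imported in mdm.go, which the hunk does not show), leaves other 4xx responses on the generic path below. The message also interpolates the upstream error with `%v`, so the website's response text is returned to the API caller and then shown verbatim by RenewCertModal.tsx; a fixed message with `err` logged server-side would avoid exposing it. The function body starts and ends outside this hunk.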